Commentary

Content posted in February 2012

It's True: Compliance Can Be Good For Your Business
Commentary | 2/29/2012
The best insurance for your organization is often the processes required for compliance.

Why BYOD Doesn't Always Work In Healthcare
Commentary | 2/28/2012
Security and screen layout problems make it difficult to let clinicians bring their own tablets and smartphones to work.

RSA Conference, One Year Later
Commentary | 2/27/2012
How I hope history has reshaped this year's RSA Conference, one year after one of the most significant breaches in the past decade.

Can You Train A Great Penetration Tester?
Commentary | 2/27/2012
The hacker mindset can't be taught -- it must be developed and refined over time.

Bots: Stand Up And Be Counted
Commentary | 2/24/2012
A new FCC-backed initiative will gather real ISP data on infected bot machines, but will it make a dent in the botnet scourge?

Don't Be Fooled By Buzzwords, Flash, And Empty Promises
Commentary | 2/24/2012
Heading to San Francisco for RSA, BSides, and AGC? Make sure you know how to navigate the vendor gauntlet.

Free Anti-Virus Software Fails To Charm Enterprises
Commentary | 2/24/2012
As free AV gains popularity with consumers, could Symantec and McAfee ever be chased from their top spots in the enterprise?

'Do Not Track' Won't Save You From Yourself
Commentary | 2/23/2012
Just because you now have a Consumer Privacy Bill of Rights, don't assume you have privacy.

Five Dangerous Compliance Assumptions
Commentary | 2/23/2012
Many businesses fool themselves about their compliance problems.

Can You Delete A Database?
Commentary | 2/22/2012
Data and databases keep growing, but there's a security tradeoff.

Disclosure Clouded By Obscurity
Commentary | 2/21/2012
Shockingly, the responsible disclosure debate rears its head once again, and amazingly enough some vendors still don't get it. Guess we'll never learn.

Google's Privacy Invasion: It's Your Fault
Commentary | 2/17/2012
If we really wanted privacy, we would turn off JavaScript, block ads, and browse in privacy mode through an anonymous proxy. But we would rather have free services.

What's Behind The Storage Startup Boom?
Commentary | 2/17/2012
Conditions have been ripe for new storage companies to launch. We're now seeing the fruits of their labor.

What Makes A Top Storage Startup?
Commentary | 2/17/2012
IT professionals need to keep an eye on the recent boom in innovative new storage firms. Here's why.

The Financial Industry's Effect On Database Security
Commentary | 2/15/2012
Security requirements for the financial-services industry differ from those of other industries.

Linux Live Environments: Cool Tools Even For Windows Folks
Commentary | 2/14/2012
Preconfigured Linux environments provide powerful tools to aid in pen testing, mobile security testing, malware analysis, and forensics.

Being A Security Bully Does Not Make You Compliant
Commentary | 2/14/2012
Compliance is not a tool for dodging work or dismissing business needs.

Been Caught Stealin'
Commentary | 2/14/2012
The emergence of machine-to-machine (M2M) devices makes life easier for thieves and hackers -- and more dangerous for victims.

On Determining Online Identities
Commentary | 2/10/2012
Forging a stronger tie between the sign-on process and the actual known user who owns that particular account.

Between Source Code And Cyanide
Commentary | 2/9/2012
What the Symantec source-code leak really means.

On Determining Online Identities
Commentary | 2/8/2012
Detecting online user identities.

RSA Weakness and e-Commerce Authentication
Commentary | 2/8/2012
RSA key weakness.

How Can We Gracefully Update Crypto?
Commentary | 2/8/2012
Cryptographic methods that are strong at one point in time will become weak at some later point because of advances in computing.

Online And Physical User Identities
Commentary | 2/8/2012
Some data-owning businesses are getting into the Internet authentication market -- and that's good news.

I'm Sorry I Called Your Baby Ugly ... But It Is
Commentary | 2/8/2012
Your product's user interface may not be as appealing as you think -- and it might just be jeopardizing its adoption.

A Response To NoSQL Security Concerns
Commentary | 2/6/2012
Three key takeaways from a recent webcast about database security in the NoSQL database movement.

Passive Network Fingerprinting; p0f Gets Fresh Rewrite
Commentary | 2/3/2012
Passive network analysis can reveal the OS, services, and even vulnerabilities -- just by sniffing the network.

Compliance And 'The Little Guys'
Commentary | 2/3/2012
Small and midsize businesses often let the cost of compliance obscure important benefits.

Where's My 'Minority Report' Dashboard?
Commentary | 2/1/2012
Why haven't user interfaces for security products taken advantage of human movement technologies?


Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group,  5/14/2018
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11311
PUBLISHED: 2018-05-20
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
CVE-2018-11319
PUBLISHED: 2018-05-20
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to ...
CVE-2018-11242
PUBLISHED: 2018-05-20
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
CVE-2018-11315
PUBLISHED: 2018-05-20
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a ho...
CVE-2018-11239
PUBLISHED: 2018-05-19
An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in ...